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DETAILED ACTION 



1 . Applicant's arguments filed 9/7/2004 have been fully considered but they are 
not persuasive. 

2. The Applicant argues that a reference used, Musgrave, teaches away from the 
present invention. 

3. The Applicant argues that neither Anderson, Vance, or Musgrave describe or 
suggest, storing results of the verification in an activity log in a central service and 
allowing specified users to access the results. 

Response to Arguments 

4. In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In rye Keller, 642 F.2d 413, 208 USPQ 
871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill 
in the art. See In re Fine, 837 F 2d 1071, 5 USPQ2d 1596 (Fed. Cir 1988) and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). 
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The Applicant submits that Musgrave fails to describe or suggest storing a 
result of a verification of a digital credential in a central service and allowing specified 
users to access the result. To demonstrate that it is old and well known in the art to 
receive a request to verify the use of a digital credential by a user of a digital 
credential, the digital credential being a digital security mechanism associated with the 
user's identity, the reference Musgrave was provided. The biometric certificates by 
definition are digital credentials of individuals. Musgrave further illustrates the 
receiving a request to verify, verifying the digital credential, sending results, storing the 
results and allowing restricted access. 

The Applicant states that Musgrave teaches away from the present combination 
but it does not appear that the Applicant substantiates the statement. As previously 
presented, Anderson is the primary reference with the other references provided to 
demonstrate that the specifics of a concept taught by Anderson is old and well known 
to that person having ordinary skill in the art. As stated, one cannot show 
nonobviousness by attacking references individually where the rejections are based 
on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 
1981); In re Merck & Co,, 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

As per claims 1, 13, and 23: 

The Applicant's application can be paraphrased to a transaction utilizing a 
credit card. The first step is the authentication of the credit card at the time of charging 
the items purchased to the credit card. The credit card magnetic strip is read and then 
sent to a central service, which could be either an Automated Clearing House or an 
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Electronic Data Exchange, which validates the information and returns the results to 
the first service that requested it. The specifics of the transaction are recorded in an 
activity log to be used for the end of the billing period cycle of payment request and 
account reconciliation. 

Anderson teaches about a computer-based data storage, manipulation, 
access and retrieval system, such as an accounting system. Col. 12, lines 40-55. 
Anderson further discloses the concepts of public key cryptography and its various 
uses involving transactions. Anderson provides examples involving electronic 
checking, loan applications, medical records and electronic contracts. Each of these 
incorporate the limitations of the present application and delineate the receiving a 
request for service, verifying the requestor/or user, sending a results back to the 
requestor, manipulating the transaction data for future accounting, and it is old and 
well known that only specified users can have access to checking accounts, loan 
accounts, medical records, and electronic contract accounts. 

Anderson provided the conceptual framework presented by the Applicant. 
To demonstrate that storing results of an activity in a central location that 
communicates with each of a plurality of different locations, and allowing 
specified users to access said results, is old and well known to persons having 
ordinary skill in the art, Vance was provided. 

The Applicant submits that account identification information is distinct from 
digital credentials associated with a user's identity. However, the claim is presenting a 
notification procedure. The Examiner submits that the notification of the activity in an 
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account would occur whether the identity of the user was an account id. a digital 
credential or any other form used to identify an individual/account. Goldsmith specifically 
addresses the concept of electronic notification of an account activity. 

As per independent claim 30, the claimed invention is directed to non-statutory 
subject matter. The claims must be useful, tangible and concrete as determined by the 
State Street Bank decision. The claims have no tangible, concrete product and are 
therefore non-statutory. 

The Applicant submits as per claim 42 that Goldsmith's account activity 
techniques are not applicable to digital credential usage information. The Applicant is 
effectively proposing that the type of data being processed by an account activity technique 
renders it non-obvious and unique. The Examiner submits that an account activity 
technique vyill accomplish the same outcome/results regardless of the type of data it is 
dealing with since the differences are only found in the nonfunctional descriptive material 
and are not functionally involved in the steps recited. The account activity techniques 
steps would be performed the same regardless of the data. Thus, this descriptive 
material will not distinguish the claimed invention from the prior art in terms of 
patentability, see In re Gulack, 703 F.2d 1381, 1385. 217 USPQ 401, 404 (Fed. Cir.^ 
1983); In re Lowry, 32 F.3d 1579. 32 USPQ2d 1031 (Fed. Cir. 1994). 

The Applicant submits that as per claim 53, that neither of the references Anderson, 
Goldsmith, and Sudia describe or suggest the limitations. Sudia is not specified as a 
reference in the limitation rejection of claims 53-56. The subsequent discussion regarding 
Sudia appears moot since Sudia was not used in the rejection. 
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Claim Rejections - 35 USC §101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, 
manufacture, or composition of matter, or any new and useful improvement thereof, 
may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claim 30 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. In claim 1 the applicant claims a method for 
receiving use information describing a first use receiving use information describing 
a second use .... storing the use information .... generating an activity report 
allowing said owner to view . . . , allowing said delegate to view . . . , This process might 
be performed without the aid of any technology and therefore the claimed method is not 
within the technological arts. 

All that is necessary to make a sequence of operational steps in a statutory 
process within 35 U.S.C. 101 is that it be in the technological arts so as to be in 
concordance with the Constitutional purpose to promote the progress of "useful arts" In 
re Musgrave, 431 F.2d 882 167 USPQ 280 (CCPA 1970) 

A claim is limited to a practical application when the method, as claimed, 
produces a concrete, tangible and useful result: i.e. the method recites a step or act of 
producing something that is concrete, tangible and useful. See AT&T v. Excel 
Communications Inc, 172 F3d at 1358, 50 USPQ2dat 1452. 
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Claims 31-41 are dependant on rejected claim 30, and are rejected for at least 
the same reasons. 



Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-8, 10,12-18,20,22-37,39, and 41 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Anderson et al. US 6,021,202 [Anderson 202], and in 
further view of Vance et al.- U.S. 6,442,526 [Vance 526]. 

As per claims 1,13,23,30, and 32: 
Anderson [202] teaches: 

verifying a use of a digital credential by a user of a digital credential, at any of a 
plurality of different locations where the digital credential can be used; Col. 6, lines 42- 
54. Anderson [202] discloses the claimed invention except for the storing a result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result. 
However, Anderson [202] does disclose, "... send bank statements ... which reflects 
events of the transaction..." Col. 6, lines 5-58. 
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Vance '526 teaches that it is known in the art to provide storing the result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result. Col. 
12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about storing a result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result as 
taught by Vance '526, in order to clarify the generation and use of bank/transaction 
statements. 

As per claims 2,14,24, and 31 : 

Anderson [202] discloses the claimed invention except for storing transaction 
information in the activity log. However, Anderson [202] does disclose, "... send bank 
statements ... which reflects events of the transaction..." Col. 6, lines 5-58. Vance *526 
teaches storing transaction information in the activity log. Col. 12,13,14. It would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to store the results of a transaction so that at a later time a bank/transaction statement 
could be generated. 
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As per claims 3,15,25,28. and 33: 
Anderson [202] further discloses: 

wherein the transaction information includes at least one of a message that was 
signed using a digital signature key of the digital credential, a value of a transaction, an 
online service, an internet protocol (IP) address, a date of the transaction and a time of 
the transaction. Col. 25, lines 64-67, Col. 26, lines 1-35. 

As per claims 4, and 16: 

Anderson [202] discloses the claimed invention except for generating an activity 
report from the activity log, wherein the activity report lists the stored results. However. 
Anderson [202] does disclose, "... send bank statements ... which reflects events of the 
transaction..." Col. 6, lines 5-58. It would have been obvious to one having ordinary skill 
in the art at the time the invention was made to store the results of a transaction so that 
at a later time an activity report from the activity log [a bank statement] could be 
generated. 

As per claims 5,17, and 34: 
Anderson [202] further discloses: 

associating a name to a digital signature key of the digital credential, wherein the 
activity report lists the name of the digital signature key. Fig. 6, Col. 25, lines 64- 
67, Col. 26, lines 1-35. 
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As per claims 6. and 35: 

Anderson [202] discloses the claimed invention except for wherein generating the 
activity report includes generating the activity report upon request by an owner of the 
digital credential. However, Anderson [202] does disclose, "... provide statements or 
reports to the payer and the payee..." Col. 30, lines 19-29. It would have been obvious 
to one having ordinary skill in the art at the time the invention was made to generate an 
activity report based upon the request by an owner (payee/payer) of the digital 
credential. 

As per claims 7, and 36: 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of wherein generating the activity report includes generating the activity report 
each time the digital credential is verified. It would have been an obvious matter of 
design choice to modify the teachings of Anderson [202], to provide the step of wherein 
generating the activity report includes generating the activity report each time the digital 
credential is verified. Since the applicant has not disclosed that generating the activity 
report includes generating the activity report each time the digital credential is verified 
solves any stated problem in a new or unexpected way or is for any particular purpose 
which is unobvious to one of ordinary skill and it appears that the claimed feature does 
not distinguish the invention over similar features in the prior art since, the teachings of 
Anderson [202] will perform the invention as claimed by the applicant with any method, 
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means, or product to generate an activity report that includes generating the activity 
report each time the digital credential is verified. 

As per claims 8, and 37: 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of generating a report periodically. It would have been an obvious matter of 
design choice to modify the teachings of Anderson [202], to provide the step of 
generating a report periodically. Since the applicant has not disclosed that generating a 
report periodically solves any stated problem in a new or unexpected way or is for any 
particular purpose which is unobvious to one of ordinary skill and it appears that the 
claimed feature does not distinguish the invention over similar features in the prior art 
since, the teachings of Anderson [202] will perform the invention as claimed by the 
applicant with any method, means, or product to generating a report periodically. 

As per claims 10,20, and 39: 

Anderson [202] discloses the claimed invention except for wherein generating the 
activity report includes listing activity for a plurality of digital, signature keys associated 
with the owner and wherein said allowing compromises allowing said user to view all 
reports, but allowing each said delegate to view only their own activity reports for other 
delegates. However, Anderson [202] does disclose, "... provide statements or reports to 
the payer and the payee..." Col. 30, lines 19-29. 
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Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claims 12,22, and 41 : 

Anderson [202] discloses the claimed invention except for generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates. However, Anderson [202] does disclose, "... provide 
statements or reports to the payer and the payee..." Col. 30, lines 19-29. 

Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
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comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance *526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 18: 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of wherein the computer-executable instructions cause the computer to 
generate the activity report upon receiving a request by an owner of the digital 
credential, and wherein said allowing comprises allowing said user to view all reports, 
but allowing each said delegate to view only their own activity report, and not allowing 
each said delegate to view reports for other delegates. 

It would have been an obvious matter of design choice to modify the 
teachings of Anderson [202], to provide the step of generating the activity report upon 
receiving a request by an owner of the digital credential, periodically, or when the digital 
credential is verified. 
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Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13.14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson *202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 26: 

Anderson [202] discloses the claimed invention except for comprising an owner 
database to store information of an owner of the digital credential and owner-approved 
delegates and wherein said communication element allows said owner to view all 
reports, but allows each said delegate to view only their own report, and not reports for 
other delegates. However, Anderson [202] does disclose, "... memory may contain 
certification information..." Col. 12, lines 57-65. 

Vance '526 teaches that it is known in the art to have an owner database to 
store information of an owner of the digital credential and owner-approved delegates 
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and wherein said communication element allows said owner to view all reports, but 
allows each said delegate to view only their own report, and not reports for other 
delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance *526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 27: 

Anderson [202] discloses the claimed invention except for a first data field to 
store a result from an verification of a digital credential by a user of a digital credential at 
any of a plurality of different locations where the digital credential can be used. 
However, Anderson [202] does disclose , "... send bank statements ... which reflects 
events of the transaction..." Col. 6, lines 5-58. It would have been obvious to one having 
ordinary skill in the art at the time the invention was made to store a result from a 
verification of a digital credential by a user of a digital credential at any of a plurality of 
different locations where the digital credential can be used allowing specified user's to 
access said results so that at a later time [a bank statement] could be generated. 
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Anderson [202] discloses the claimed invention except for a plurality of data 
fields to store transaction information relating to each verification result in a central 
location that communicates with each of said plurality of different locations; and a data 
access structure, allowing specified user's to access said results. Vance '526 teaches 
that it is known in the art to provide a plurality of data fields to store transaction 
information relating to each verification result in a central location that communicates 
with each of said plurality of different locations; and a data access structure, allowing 
specified user's to access said results. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Vance '526 about a plurality of data fields to 
store transaction information relating to each verification result in a central location that 
communicates with each of said plurality of different locations; and a data access 
structure, allowing specified user's to access said results as taught by Vance '526, in 
order to maintain the integrity of the tracking/reporting system. 

As per claim 29: 

Anderson [202] discloses the claimed invention except for the data structures 
further include a plurality of data fields to store owner and delegate information. 
However, Anderson [202] does disclose , "... memory may contain certification 
information..." Col. 12, lines 57-65. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to have memory that could hold the 
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data structures that include a plurality of data fields to store owner and delegate 
information to provide a complete list of who is authorized to use the certificate . 

Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson 202, Vance 526 and Musgrave 010 as applied to claim 1 above, and 
further in view of Yacobi US 5,878,138 -Yacobi [1381- 

As per claim 9: 

Anderson [202] discloses the claimed invention except for the analyzing the 
activity log to detect misuse of the digital credential. However, Anderson [202] does 
disclose "Solutions to the problem of potential fraudulent usage ...must be built into the 
system at each stage..." Col. 36, lines 32-35. Yacobi [138] teaches that it is known to 
analyze the activity log to detect misuse of the digital credential. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
analyze the activity log to detect misuse of the digital credential as taught by Yacobi 
[138], since Yacobi [138] states at col. 4, lines 8-9 that such a modification would 
provide that once fraud is detected, further perpetuation is prevented. 
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Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson 202, Vance 526 and Musgrave 010 as applied to claim 1 above, and 
further in view of Sudia US 5,659,616 Sudia [616] 

As per claim 1 1 : 

Anderson [202] discloses the claimed invention except for the authorizing one or 
more delegates to use a delegated digital credential to act on behalf of the owner of the 
digital credential for specified functions, wherein verifying the use of the digital 
credential includes determining whether the delegated digital credential was authorized 
for the specific use. 

Sudia [616] teaches that it is known to authorize one or more delegates to use a 
delegated digital credential to act on behalf of the owner of the digital credential for 
specified functions, wherein verifying the use of the digital credential includes 
determining whether the delegated digital credential was authorized for the specific use. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to authorize one or more delegates to use a delegated digital 
credential to act on behalf of the owner of the digital credential for specified functions, 
wherein verifying the use of the digital credential includes determining whether the 
delegated digital credential was authorized for the specific use as taught by Sudia [616], 
since Sudia [616] states at col. 14, lines 61-67, col. 15. lines 1-12, that such a 
modification would provide flexibility in the use of the digital signature. 
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Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson 202, Vance 526, and Musgrave 010 as applied to claim 13 above, and 
further in view of Yacobi US 5,878,138 -Yacobi [138]. 

As per claim 19: 

Anderson [202] discloses the claimed invention except for the analyzing the 
activity log to detect misuse of the digital credential. However, Anderson [202] does 
disclose "Solutions to the problem of potential fraudulent usage ...must be built into the 
system at each stage..." Col. 36, lines 32-35. Yacobi [138] teaches that it is known to 
analyze the activity log to detect misuse of the digital credential. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
analyze the activity log to detect misuse of the digital credential as taught by Yacobi 
[138], since Yacobi [138] states at col. 4, lines 8-9 that such a modification would 
provide that once fraud is detected, further perpetuation is prevented. 

Claim 38 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson 202, Vance 526, and Musgrave 010 as applied to claim 30 above, and 
further in view of Yacobi US 5,878,138 -Yacobi [138]. 

As per claim 38: 

Anderson [202] discloses the claimed invention except for the analyzing the 
activity log to detect misuse of the digital credential. However, Anderson [202] does 
disclose "Solutions to the problem of potential fraudulent usage ...must be built into the 
system at each stage..." Col. 36, lines 32-35. Yacobi [138] teaches that it is known to 
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analyze the activity log to detect misuse of the digital credential. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
analyze the activity log to detect misuse of the digital credential as taught by Yacobi 
[138], since Yacobi [138] states at col. 4, lines 8-9 that such a modification would 
provide that once fraud is detected, further perpetuation is prevented. 

Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson 202, Vance 526 and IVIusgrave 010 as applied to claim 13 above, and 
further in view of Sudia US 5,659,616 Sudia [616] 

As per claim 21: 

Anderson [202] discloses the claimed invention except for the authorizing one or 
more delegates to use a delegated digital credential to act on behalf of the owner of the 
digital credential for specified functions, wherein verifying the use of the digital 
credential includes determining whether the delegated digital credential was authorized 
for the specific use. 

Sudia [616] teaches that it is known to authorize one or more delegates to use a 
delegated digital credential to act on behalf of the owner of the digital credential for 
specified functions, wherein verifying the use of the digital credential includes 
determining whether the delegated digital credential was authorized for the specific use. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to authorize one or more delegates to use a delegated digital 
credential to act on behalf of the owner of the digital credential for specified functions, 
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wherein verifying the use of the digital credential includes determining whether the 
delegated digital credential was authorized for the specific use as taught by Sudia [616], 
since Sudia [616] states at col. 14, lines 61-67, col. 15, lines 1-12, that such a 
modification would provide flexibility in the use of the digital signature. 

Claim 40 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson 202, Vance 526 and Musgrave 010 as applied to claim 30 above, and 
further in view of Sudia US 5,659,616 Sudia [616] 

As per claim 40: 

Anderson [202] discloses the claimed invention except for the authorizing one or 
more delegates to use a delegated digital credential to act on behalf of the owner of the 
digital credential for specified functions, wherein verifying the use of the digital 
credential includes determining whether the delegated digital credential was authorized 
for the specific use. 

Sudia [616] teaches that it is known to authorize one or more delegates to use a 
delegated digital credential to act on behalf of the owner of the digital credential for 
specified functions, wherein verifying the use of the digital credential includes 
determining whether the delegated digital credential was authorized for the specific use. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to authorize one or more delegates to use a delegated digital 
credential to act on behalf of the owner of the digital credential for specified functions, 
wherein verifying the use of the digital credential includes determining whether the 
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delegated digital credential was authorized for the specific use as taught by Sudia [616], 
since Sudia [616] states at col. 14, lines 61-67, col. 15, lines 1-12, that such a 
modification would provide flexibility in the use of the digital signature. 



Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 48-49 are rejected under 35 U.S.C. 103(a) as being unpatentable 

over Goldsmith US 6,064,990 [Goldsmith'990], and in further view of Vance '526. 

As per claim 48: 
Goldsmith'990 discloses; 

receiving transaction requests from a plurality of delegate users who are 
delegated from an owner, Col. 2. lines 60-67 

wherein the transaction requests include digital credentials for the users; Col. 2, 
lines 55-60 

processing the transaction requests; Col. 2, lines 60-67 

communicating transaction information to a central service, Col. 2, lines 60-67 
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wherein the transaction information includes the digital credentials of the users. 
Col. 2. lines 50-55. 

Goldsmith '990 discloses the claimed invention except for the wherein said allowing 
comprises allowing said user to view all reports, but allowing each said to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. 

Vance '526 teaches that it is known in the art to provide a wherein said allowing 
comprises allowing said user to view all reports, but allowing each said to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. It would have been obvious to one having ordinary skill in the art at the time 
the invention was made to provide the transaction request involving digital credentials of 
Goldsmith '990 with the ability of a user (corporation) to view all reports, but allowing 
each said to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates, in order to maintain control and security of corporation 
expenditures. 

As per claim 49: 
Goldsmith further discloses; 

wherein processing the transaction requests includes communicating the digital 
credentials to the central service for verification. Fig. 1,10 
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Claims 50-52 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith'990 and Vance'526 as applied to claim 48 above, and further in 
view of Anderson'202 and Sudia'616. 

As per claim 50: 

Goldsmith'990 discloses the claimed invention except for the verifying the digital 
certificate and communicating the result of the verification to the credential service. 
Anderson'202 teaches that it is known to verify digital certificates. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
verify digital certificates as taught by Anderson'202, since Anderson'202 teaches at Col. 
6, lines 40-55 verification of digital certificates. 

Goldsmith'990 and Anderson'202 disclose the claimed invention except for 
communicating a result of the verification to the credential service. 

Sudia [616] teaches that it is known to verify the digital credential; and 
communicate the result of the verification to the credential service. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to verify the digital credential; and communicate the result of the 
verification to the credential service as taught by Sudia [616], since Sudia [616] states at 
col. 14, lines 61-67, col. 15, lines 1-12. that such a modification would provide flexibility 
in the use of the digital signature. 
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As per claim 51: 

Goldsmith'990 and Anderson *202 discloses the claimed invention except for 
receiving a activity report from the central service, wherein the activity report lists the 
transaction information for each digital credential. However, Anderson [202] does 
disclose , "... send bank statements ... which reflects events of the transaction..." Col. 6, 
lines 5-58. It would have been obvious to one having ordinary skill in the art at the time 
the invention was made to store a result from a verification of a digital credential and a 
plurality of data fields to store transaction information relating to each verification result 
so that at a later time [a bank statement] could be generated. 

As per claim 52: 

Goldsmith'990 discloses the claimed invention except for wherein the transaction 
information includes at least one of a message that was signed, a transaction value, an 
online service, an internet protocol (IP) address, a value of the transaction, a date of the 
transaction and a the time of the transaction. 

Anderson'202 discloses wherein the transaction information includes at least one 
of a message that was signed, a transaction value, an online service, an internet 
protocol (IP) address, a value of the transaction, a date of the transaction and a the time 
of the transaction. It would have been obvious to one having ordinary skill in the art at 
the time the invention was made to wherein the transaction information includes at least 
one of a message that was signed, a transaction value, an online service, an internet 
protocol (IP) address, a value of the transaction, a date of the transaction and a the time 
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of the transaction as taught by Anderson'202, since Anderson'202 shows in Fig.6 that 
transaction information includes at least one of a message that was signed, a 
transaction value, an online service, an internet protocol (IP) address, a value of the 
transaction, a date of the transaction and a the time of the transaction 

Claims 42-44, are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith US 6,064,990 [Goldsmith'990]. 

As per claim 42: 
Goldsmith *990 discloses; 

storing use information for a user; Col. 1, lines 53-55 

processing the use information; Col. 1 , lines 55-57 

generating an alert. Col. 1, lines 57-64. 
Goldsmith '990 discloses the claimed invention, as discussed above, except for the step 
of storing use information for a digital of a plurality of delegates who are delegated to 
use said digital credential by an owner processing the use information for each of said 
plurality of delegates to detect misuse. However, Goldsmith'990 is providing usage 
information on the activity of data associated with the user. It would have been an 
obvious matter of choice to modify the teachings of Goldsmith '990, to provide the step 
of storing use information for a digital certificate or any other type of data associated 
with the user. Since the applicant has not disclosed that a digital certificate uniquely 
distinguishes itself from any other type of data which is unobvious to one of ordinary 
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skill and it appears that the claimed feature does not distinguish the invention over 
similar features in the prior art since, the teachings of Goldsmith'990 will perform the 
invention as claimed by the applicant regardless of what the data is being used for or 
named. 

Goldsmith *990 discloses the claimed invention, as discussed above, except for 
the step of processing the use information to detect misuse. However, Goldsmith'990 
does process the information if the authentication is breached or for any unauthorized 
activity. Col. 2, lines 5-10. It would have been an obvious matter of choice to modify the 
teachings of Goldsmith *990, to call breaching the authentication protocol or 
unauthorized activity as a misuse of an account. Since the applicant has not disclosed 
that term "misuse" distinguishes itself from any other type breaching or unauthorized 
activity which is unobvious to one of ordinary skill and it appears that the claimed 
feature does not distinguish the invention over similar features in the prior art since, the 
teachings of Goldsmith'990 will perform the invention as claimed by the applicant 
regardless of what the breaching or unauthorized activity is called. 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of generating an alert to the owner when misuse is detected. However, 
Goldsmith'990 does immediately notify a user of account activity. Col. 2, lines 5-10. 
Goldsmith'990 does include notification of any user-designated misuse of their account. 
Since the applicant has not disclosed that generating an alert when misuse is detected 
distinguishes itself from any other type notification activity which is unobvious to one of 
ordinary skill and it appears that the claimed feature does not distinguish the invention 
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over similar features in the prior art since, the teachings of Goldsmith'990 will perform 
the invention as claimed by the applicant and include misuse information in the user 
notification. 

As per claim 43: 
Goldsmith'990 further discloses; 

generating an activity report based on the use information. Fig. 3 
As per claim 44: 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of wherein generating an alert includes alerting a credential sen/ice provider. 
However, Goldsmith'990 does disclose transforming the account activity message into 
an e-mail message and transmitting the e-mail message to the user provided e-mail 
address. Col. 6, lines 58-65. The user provided e-mail addresses are only limited by the 
user's imagination. It would have been an obvious matter of choice to modify the 
teachings of Goldsmith '990, to include in the user's e-mail a credential service provider. 
Since the applicant has not disclosed that alerting a credential service provider 
distinguishes itself from alerting any other type of organization which is unobvious to 
one of ordinary skill and it appears that the claimed feature does not distinguish the 
invention over similar features in the prior art since, the teachings of Goldsmith'990 will 
perform the invention as claimed by the applicant regardless of who or what 
organization is alerted. 
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2. Claims 45 and 47 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith'990 as applied to claim 42 above, and further in view of 
Anderson'202 and Vance'526. 

As per claim 45: 
Goldsmith'990 further discloses: 

wherein the use information includes transaction information. Col. 8, lines 1-27 

Anderson [202] discloses the claimed invention except for allowing comprises 
allowing said user to view all reports, but allowing each said delegate to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. However, Anderson [202] does disclose , "... provide statements or reports to 
the payer and the payee..." Col. 30, lines 19-29. 

Vance '526 teaches that it is known in the art to wherein said allowing comprises 
allowing said user to view all reports, but allowing each said delegate to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to include in Anderson '202 about generating activity reports of the 
delegates of the user and wherein said allowing comprises allowing said user to view all 
reports, but allowing each said delegate to view only their own activity report, and not 
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allowing each said delegate to view reports for other delegates as taught by Vance '526, 
in order to maintain the integrity of the tracking/reporting system. 

As per claim 47: 

Goldsmith'990 discloses the claimed invention except for the wherein the 
transaction information includes at least one of a message that was signed using a 
digital signature key of the digital credential, a value of a transaction, an online service, 
an internet protocol (IP) address, a date of the transaction and a time of the transaction. 
Anderson'202 teaches that it is known in the art to provide wherein the transaction 
information includes at least one of a message that was signed using a digital signature 
key of the digital credential, a value of a transaction, an online service, an internet 
protocol (IP) address, a date of the transaction and a time of the transaction. Col. 25, 
lines 64-67. Col. 26, lines 1-35. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the electronic notification of account activity of 
Goldsmith'990 with the wherein the transaction information includes at least one of a 
message that was signed using a digital signature key of the digital credential, a value 
of a transaction, an online service, an internet protocol (IP) address, a date of the 
transaction and a time of the transaction of Anderson'202, in order to provide complete 
information regarding the transaction. 
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Claim 46 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Goldsmith'990 and further in view of Sudia'616. 

As per claim 46: 

Goldsmith*990 discloses the claimed invention except for that the use information 
includes verification information for the digital credential. Sudia'616 teaches that it is 
known to verify digital credentials. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to verify digital information as taught 
by Sudia'616 and issue a report as taught by Goldsmith'990. 



Claim 53-56 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson'202, and further in view of Goldsmith'990. 

As per claim 53: 
Anderson'202 discloses; 

receiving a request from a medical professional to access medical information at 
a remote location, Fig. 26 

wherein the request includes a digital credential for the medical professional; 

Fig. 26 
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communicating transaction information describing the access request and the 
digital credential to a credential verification service; Fig 26 

receiving a verification result from the credential verification service; Fig. 26 

providing the medical professional access to the medical information based on 
the verification result; Fig. 26 

Anderson'202 discloses the claimed invention except for receiving an activity 
report from the credential verification service and wherein the activity report lists the 
transaction information, the digital credential and the transaction result. Goldsmith'990 
teaches that it is known to receive an activity report from the credential verification 
service and wherein the activity report lists the transaction information, the digital 
credential and the transaction result. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to receive an activity report from the 
credential verification service and wherein the activity report list the transaction 
information, the digital credential and the transaction result as taught by Goldsmith'990. 

As per claim 54: 
Anderson'202 further discloses; 

wherein the transaction information includes at least an access type, a date of 
the transaction and a time of the transaction. Fig. 6. 
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As per claim 55: 
Anderson'202 further discloses; 

wherein the digital credential was provided by a credential issuing service and a 
credential service provider. Fig. 24 

As per claim 56: 
Anderson'202 further discloses; 

receiving a request to access the activity report from an owner of the digital 
credential; Col. 31, lines 10-67 

providing the owner access to the activity report. Col. 31 , lines 10-67 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims below for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner 



Application/Control Number: 09/608,402 Page 34 

Art Unit: 3621 

Conclusion 

Any inquiry concerning this comnnunication or earlier communications from the 
examiner should be directed to Daniel L. Greene whose telephone number is 703-306- 
5539. The examiner can normally be reached on M-Thur. 8am-6pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James P. Trammell can be reached on 703-305-9768. The fax phone 
numbers for the organization where this application or proceeding is assigned are 703- 
305-7687 for regular communications and 703-305-7687 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or 
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